Method for Protecting a Sensor and Data of the Sensor from Manipulation and a Sensor to That End

1. A method for protecting a sensor device and sensor data of the sensor device from manipulation, the method comprising: sending, by a control unit, to the sensor device, and during authentication of the sensor device, a first data packet including a first time-variant parameter concatenated with an identity of the control unit; receiving, by the control unit, a second data packet, the second data packet having been generated by the sensor device by: encrypting the first data packet using a key of determined bit length, wherein, when a bit length of the first data packet is less than the bit length of the key, the encrypting includes padding the first data packet with additional bits; and concatenating a first determined number of bits of the encrypted first data packet with an identity of the sensor device; comparing, by the control unit, the second data packet with a calculated value of the first determined number of bits of the encrypted first data packet; and receiving, by the control unit, the sensor data, together with an integrity protection value, the integrity protection value having been generated by the sensor device based on a second time-variant parameter generated from a second determined number of bits of the first time-variant parameter; wherein one of a random number, a part of the random number, and a number obtained from the random number by a function is utilized as the time-variant parameters in the authentication of the sensor device.

2. The method of claim 1 , wherein the time-variant parameters are altered in each step of a transaction authentication.

3. The method of claim 2 , wherein the alteration of the time-variant parameters corresponds to a stepwise incrementation.

4. The method of claim 1 , wherein the sensor device is authenticated according to a challenge-response method.

5. The method of claim 1 , wherein the integrity of the sensor data is protected according to a message authentication code (“MAC”) method.

6. The method of claim 5 , wherein a one-key message authentication code (“OMAC”) method or an encrypted message authentication code (“EMAC”) method is used as the MAC method.

7. The method of claim 1 , wherein the time-variant parameters are realized by time stamps, sequence counters or random numbers.

8. The method of claim 1 , wherein the first determined number of bits are most significant bits of the encrypted first data packet, and the second determined number of bits are least significant bits of the first time-variant parameter.

9. A control unit comprising: a processor configured to: send to a sensor device, during authentication of the sensor device, a first data packet including a first time-variant parameter concatenated with an identity of the control unit; receive a second data packet having been generated by the sensor device by: encrypting the first data packet using a key of determined bit length, wherein, when a bit length of the first data packet is less than the bit length of the key, the encrypting includes padding the first data packet with additional bits; and concatenating a first determined number of bits of the encrypted first data packet with an identity of the sensor device; compare the second data packet with a calculated value of the first determined number of bits of the encrypted first data packet; and receive from the sensor device sensor data together with an integrity protection value, the integrity protection value having been generated by the sensor device based on a second time-variant parameter generated from a second determined number of bits of the first time-variant parameter; wherein one of a random number, a part of the random number, and a number obtained from the random number by a function is utilized as the time-variant parameters.

10. The control unit of claim 9 , wherein the sensor device has an arrangement for altering the time-variant parameters in each step of a transaction authentication.

11. The control unit of claim 10 , wherein the alteration of the time-variant parameters corresponds to a stepwise incrementation.

12. The control unit of claim 9 , wherein the first determined number of bits are most significant bits of the encrypted first data packet, and the second determined number of bits are least significant bits of the first time-variant parameter.